RIPE 91 Daily Meeting Blog - Monday

We're back in Bucharest ten years after our last rendezvous and the city has welcomed us back with golden autumn leaves and sunshine! The RIPE community meets once again, ready for another week packed with packets, where we'll address address space, and network over networks. Even though the cloud may have been grumbling in the morning (because what’s the RIPE meeting without a little Internet drama?), RIPE 91 has booted up.

Opening plenary: Jazz is back and IPv6 scanning puzzle

Mirjam Kühne (RIPE Chair) welcomed everyone to RIPE 91. The famous COVID-times jazzy music is back! Or is it? Yes! No? Based on the audience reaction, maybe we should start a poll. (But yeah! It is! It's back!)

Mirjam reminded that this RIPE meeting is special for their team as Niall O'Reilly’s term is going to end this week, at which point he'll hand over to Anna Wilson.

We then had a surprise from our local host InterLAN-IX, with cheerful Romanian folk rhythms setting the stage and the mood for the opening session. Eric Andrei Băleanu, InterLAN-IX, introduced us to InterLAN-IX team and Bucharest, fifth city in the world for fixed broadband Internet speed.

Hans Petter Holen (RIPE NCC) took over and went through the meeting logistics, reminding us that 10 years ago he stood on this same stage as RIPE Chair. Further we continued with a highly administrative but important topic for the RIR community - the NRO NC election. If you don’t know what NRO NC stands for, rewatch the presentation of Ulka Athale, RIPE NCC, who walked us through the voting instructions.

The Programme Committee took to the stage next. Massimiliano Stucchi (PC Chair) introduced the PC team that crafts the plenary agenda, BoFs and tutorials for you. Max reminded us about the new presentation management system Pretalx (if you struggle, please, go to the Tech desk for help), and that the two seats at the PC are open for election.

We then went straight to some real-life detective work on IPv6 scanning. Yoshinobu Matsuzaki (IIJ) presented the story of IPv6 scanning. With global IPv6 adoption having crept up to around 48% globally so far, scanning the IPv6 space has basically become impossible. Huge address space means you need some clues (DNS records, TLS certificates, etc.) to find hosts. The talk covered practical tools and some surprises, like how “going quiet” can make you disappear from the IPv6 hitlist, but how the list is quite patient.

We then moved to discussing network observability. Tom Strickx (Cloudflare) talked about the implementation of gNMI - Network Management Interface - and its comparison with SNMP, an older protocol for collecting and organising information about managed devices on IP networks. SNMP is an outdated protocol with some security issues - but it's still used by many. gNMI, on the other hand, is secure by default, though it's also not without it's faults - such as lack of documentation and inconsistencies that may me caused by different vendors adoption.

Plenary: “the glue that holds the Internet together”

BGP and DNS seemed to be the hot topics of Monday’s sessions, but when are they not? The second plenary session opened with a question about the Internet's cryptographic future. Dirk Doesburg (Radboud University/SIDN Labs) looked into the ways to make RPKI post-quantum-proof. Dirk presented his thesis work that lays the groundwork for a migration to post-quantum cryptography in the RPKI. Dirk pointed to Falcon-512 in a hybrid schema as the most promising candidate, especially when combined with a proposed optimisation - the null signature scheme. This proposal achieves post-quantum security without the huge size typically associated with post-quantum cryptography. His proposal to skip the algorithm migration as defined in the RFCs, and opt for mixed-tree migration instead offers a pragmatic path forward, avoiding the complexity of multiple flag days whilst allowing both experimentation and gradual adoption across the RPKI hierarchy.

The session then shifted to present-day security concerns, with Lefteris Manassakis (Cisco) revealing the hidden world of BGP prefix hijacking affecting root DNS servers. BGP is our old friend, but it needs a close eye and some friends like RPKI, ASPA and others to keep serving us all. Through enhanced monitoring capabilities combining control and data plane analysis, Lefteris presented his research on the incidents invisible to traditional route collectors, including one L-root hijack that persisted for over a year. The presentation delivered a crucial message: whilst RPKI ROAs provide essential protection, the complexity of BGP security demands multiple layers of defence.

We finished off the Plenary with some speedy lightning talks. Simone Basso (Measurement Lab) outlined M-Lab's evolution towards a more distributed hosting model and asked for participation. As the PC noted, it’s great to see the development of the project, that had been previously presented in the past RIPE meetings.

Do you know if there is residential proxy on your network? Sometimes it is hard to tell! Christoff Visser's (IIJ) examination of residential proxies posed questions about research ethics when using residential proxies, where, often, or maybe at best, consent is buried in terms of service.

Finally Remco van Mook (Slashme) posed an uncomfortable truth. Namely, that while you do not want to run IPv4 in your network, your network will need to forward IPv4 for years to come. He proposed IPv6-resolved gateways as a path to finally bidding "farewell to ARPs."

BoF: ICP-2 Update in the making

And to end the proceedings for Day 1: the NRO NC representatives held their second BoF on the second consultation on the second version of the draft “RIR Governance Document”. Hervé Clement (ASO AC) admitted (finally) that he did not know what ICP-2 stood for either, until two years ago. We suspected that all along… Constanze Buerger developed a new tongue-twister for the RIPE community “What I can say about what ICANN can do”. If you want to know what we can, you can and ICANN can (and can’t) do as per the revised document - take a look and submit your feedback by 7 November.

What a start! See you tomorrow RIPE 91!